diff --git a/config/fortify.php b/config/fortify.php
index 289cb2b4..d34755f4 100644
--- a/config/fortify.php
+++ b/config/fortify.php
@@ -15,7 +15,11 @@
 'domain' => null,
 'lowercase_usernames' => false,
 'limiters' => [
- 'login' => null,
+ 'login' => 5,
+ 'login-middleware' => 10,
+ 'two-factor' => 5,
+ 'two-factor-middleware' => 10,
+ 'decay-seconds' => 60,
 ],
 'paths' => [
 'login' => null,
diff --git a/routes/routes.php b/routes/routes.php
index 6bc8e187..49fc725b 100644
--- a/routes/routes.php
+++ b/routes/routes.php
@@ -31,14 +31,14 @@
 ->name('login');
 }
- $limiter = config('fortify.limiters.login');
- $twoFactorLimiter = config('fortify.limiters.two-factor');
+ $limiterMiddleware = config('fortify.limiters.login-middleware');
+ $twoFactorLimiterMiddleware = config('fortify.limiters.two-factor-middleware');
 $verificationLimiter = config('fortify.limiters.verification', '6,1');
 Route::post(RoutePath::for('login', '/login'), [AuthenticatedSessionController::class, 'store'])
 ->middleware(array_filter([
 'guest:'.config('fortify.guard'),
- $limiter ? 'throttle:'.$limiter : null,
+ $limiterMiddleware ? 'throttle:'.$limiterMiddleware : null,
 ]));
 Route::post(RoutePath::for('logout', '/logout'), [AuthenticatedSessionController::class, 'destroy'])
@@ -134,7 +134,7 @@
 Route::post(RoutePath::for('two-factor.login', '/two-factor-challenge'), [TwoFactorAuthenticatedSessionController::class, 'store'])
 ->middleware(array_filter([
 'guest:'.config('fortify.guard'),
- $twoFactorLimiter ? 'throttle:'.$twoFactorLimiter : null,
+ $twoFactorLimiterMiddleware ? 'throttle:'.$twoFactorLimiterMiddleware : null,
 ]));
 $twoFactorMiddleware = Features::optionEnabled(Features::twoFactorAuthentication(), 'confirmPassword')
diff --git a/src/Http/Controllers/AuthenticatedSessionController.php b/src/Http/Controllers/AuthenticatedSessionController.php
index e9715681..fd63ba94 100644
--- a/src/Http/Controllers/AuthenticatedSessionController.php
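Review bot: The new `limiters` keys in config/fortify.php are undocumented, and `'two-factor' => 5` is not read by any code shown in this diff; routes/routes.php only reads `two-factor-middleware`. A reader cannot tell that `login` is an attempt count for LoginRateLimiter, that the `*-middleware` values become `throttle:N` route middleware, or that `decay-seconds` is only used by LoginRateLimiter::increment and does not set the middleware window. I would add a comment above the array such as `// login / decay-seconds: attempt limit and window used by LoginRateLimiter; *-middleware: request limit for the throttle route middleware; null disables that limiter`, and either wire `two-factor` into a consumer or drop it. The same keys are added to stubs/fortify.php, where the doc comment above `limiters` (it ends just outside that hunk) likely needs the same update.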
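Review bot: An application whose published config predates these keys has no `login-middleware` or `two-factor-middleware` entry, so both `config()` calls in this hunk return null and `array_filter` silently drops the `throttle:` middleware from the login route and, in the later hunk at line 134, from the two-factor challenge route. The removed stub lines show such configs carry `'login' => 'login'` and `'two-factor' => 'two-factor'`, which this code no longer reads, so those installs would lose route-level throttling on upgrade without any error. Giving the lookups a default keeps them protected while still letting an explicit null disable the limiter: `$limiterMiddleware = config('fortify.limiters.login-middleware', 10);` and `$twoFactorLimiterMiddleware = config('fortify.limiters.two-factor-middleware', 10);`. This assumes the package defaults are not deep-merged into a published config, which is worth confirming.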
+++ b/src/Http/Controllers/AuthenticatedSessionController.php
@@ -83,7 +83,7 @@ protected function loginPipeline(LoginRequest $request)
 }
 return (new Pipeline(app()))->send($request)->through(array_filter([
- config('fortify.limiters.login') ? null : EnsureLoginIsNotThrottled::class,
+ config('fortify.limiters.login') ? EnsureLoginIsNotThrottled::class : null,
 config('fortify.lowercase_usernames') ? CanonicalizeUsername::class : null,
 Features::enabled(Features::twoFactorAuthentication()) ? RedirectIfTwoFactorAuthenticatable::class : null,
 AttemptToAuthenticate::class,
diff --git a/src/LoginRateLimiter.php b/src/LoginRateLimiter.php
index 5bbda474..b2cefa48 100644
--- a/src/LoginRateLimiter.php
+++ b/src/LoginRateLimiter.php
@@ -45,7 +45,7 @@ public function attempts(Request $request)
 */
 public function tooManyAttempts(Request $request)
 {
- return $this->limiter->tooManyAttempts($this->throttleKey($request), 5);
+ return $this->limiter->tooManyAttempts($this->throttleKey($request), config('fortify.limiters.login', 5));
 }
 /**
@@ -56,7 +56,7 @@ public function tooManyAttempts(Request $request)
 */
 public function increment(Request $request)
 {
- $this->limiter->hit($this->throttleKey($request), 60);
+ $this->limiter->hit($this->throttleKey($request), config('fortify.limiters.decay-seconds', 60));
 }
 /**
diff --git a/stubs/fortify.php b/stubs/fortify.php
index cfe82722..57d1576c 100644
--- a/stubs/fortify.php
+++ b/stubs/fortify.php
@@ -115,8 +115,11 @@
 */
 'limiters' => [
- 'login' => 'login',
- 'two-factor' => 'two-factor',
+ 'login' => 5,
+ 'login-middleware' => 10,
+ 'two-factor' => 5,
+ 'two-factor-middleware' => 10,
+ 'decay-seconds' => 60,
 ],
 /*
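Review bot: The swapped ternary in loginPipeline changes what a falsy `fortify.limiters.login` means: before, null selected the built-in EnsureLoginIsNotThrottled step, and now null removes it. The removed line in config/fortify.php shows null was the package default, so a config that still has `'login' => null` drops the pipeline throttle, and unless `login-middleware` is also set the login route ends up with no attempt limiting at all. I would document the new contract at this line, e.g. `// A numeric limiters.login enables the pipeline throttle; null turns it off.`, call the behaviour change out in the upgrade notes, and add a test asserting that the default pipeline contains EnsureLoginIsNotThrottled. loginPipeline starts and ends outside this hunk.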
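Review bot: The value read from `fortify.limiters.login` is passed to `tooManyAttempts()` in src/LoginRateLimiter.php without any type check, and the same holds for `decay-seconds` in `increment()` in the next hunk. A config published from the old stub still has `'login' => 'login'`, so a non-numeric string would be compared against the attempt count and the limit would probably never trigger; zero or a negative number would misbehave as well. Validating once and falling back to the previous constants fails safe: `$max = config('fortify.limiters.login', 5);` then `return $this->limiter->tooManyAttempts($this->throttleKey($request), is_numeric($max) && $max > 0 ? (int) $max : 5);`, with the equivalent guard and a fallback of 60 for the decay. The docblocks of both methods begin outside their hunks.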